无法在Docker上访问Centos sshd
我读了一篇文章,说SSH守护进程服务 。 但是我想在Centos6.4上运行。 所以我从官方的centos映像安装了几乎相同的构造。 然后我连接到centos sshd服务器,但连接立即closures。 这是消息。
ssh root@localhost -p 49164 The authenticity of host '[localhost]:49164 ([127.0.0.1]:49164)' can't be established. RSA key fingerprint is 88:71:89:e5:30:91:78:5c:bf:cb:88:c2:5b:81:1a:b5. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[localhost]:49164' (RSA) to the list of known hosts. root@localhost's password: Connection to localhost closed. 为什么我无法连接centos sshd服务器?
有同样的问题在这里,工作正常,如果你在sshdconfigurationclosuresPAM。
这里是我们的Dockerfile的相关行
RUN sed -ri 's/UsePAM yes/#UsePAM yes/g' /etc/ssh/sshd_config RUN sed -ri 's/#UsePAM no/UsePAM no/g' /etc/ssh/sshd_config
我有sshd从Docker回购的“centos”图像工作:
- 我不需要修改sshd_config,即设置默认的
UsePAM yes - 我确实需要在Dockerfile中运行
/etc/init.d/sshd start,因为它会在第一次运行时生成密钥。 - 我确实需要修复
.ssh权限
我的Dockerfile是:
FROM centos:latest RUN yum update -y RUN yum install -y openssh-server sudo RUN /etc/init.d/sshd start RUN useradd admin -G wheel RUN echo 'admin:secret' | chpasswd RUN echo '%wheel ALL=(ALL) ALL' >> /etc/sudoers RUN mkdir -p /home/admin/.ssh ADD authorized_keys /home/admin/.ssh/ RUN chown -R admin:admin /home/admin/.ssh; chmod 700 /home/admin/.ssh EXPOSE 22 CMD ["/usr/sbin/sshd", "-D"]
我也不得不生成服务器密钥,之前,“ssh -v”会立即退出
... debug1: SSH2_MSG_KEXINIT Connection closed by ...
这里是我的工作(Vagrant 1.3.5和Docker 0.7)sshd的Dockerfileconfiguration:
# sshd RUN echo 'root:secret' | chpasswd RUN yum install -y openssh-server RUN mkdir -p /var/run/sshd ; chmod -rx /var/run/sshd # http://stackoverflow.com/questions/2419412/ssh-connection-stop-at-debug1-ssh2-msg-kexinit-sent RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key # Bad security, add a user and sudo instead! RUN sed -ri 's/#PermitRootLogin yes/PermitRootLogin yes/g' /etc/ssh/sshd_config # http://stackoverflow.com/questions/18173889/cannot-access-centos-sshd-on-docker RUN sed -ri 's/UsePAM yes/#UsePAM yes/g' /etc/ssh/sshd_config RUN sed -ri 's/#UsePAM no/UsePAM no/g' /etc/ssh/sshd_config #################### ADD supervisord.conf /etc/supervisord.conf EXPOSE 10389 22 CMD ["/usr/bin/supervisord"]
我的supervisord.conf:
[supervisord] nodaemon=true [program:sshd] command=/usr/sbin/sshd -D stdout_logfile=/var/log/supervisor/%(program_name)s.log stderr_logfile=/var/log/supervisor/%(program_name)s.log autorestart=true
在Docker网站上, Dockerizing一个SSH Daemon服务的例子显示了一个解决这个问题的Dockerfile。 重要的一行是注释SSH login fix之后的sed命令:
# sshd # # VERSION 0.0.2 FROM ubuntu:14.04 MAINTAINER Sven Dowideit <SvenDowideit@docker.com> RUN apt-get update && apt-get install -y openssh-server RUN mkdir /var/run/sshd RUN echo 'root:screencast' | chpasswd RUN sed -i 's/PermitRootLogin without-password/PermitRootLogin yes/' /etc/ssh/sshd_config # SSH login fix. Otherwise user is kicked off after login RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd ENV NOTVISIBLE "in users profile" RUN echo "export VISIBLE=now" >> /etc/profile EXPOSE 22 CMD ["/usr/sbin/sshd", "-D"]
它基于Ubuntu镜像,但也适用于CentOS 6。